import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

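/**
 * Demo: a login-style lookup issued through a {@link PreparedStatement}.
 *
 * <p>The second parameter deliberately carries a quote-and-boolean fragment. Because the
 * value is bound to a {@code ?} placeholder instead of being concatenated into the SQL
 * text, the driver passes it as data: the quote cannot terminate the string literal and
 * the {@code or} clause never becomes part of the statement. The query therefore only
 * matches a row whose password column equals that entire string.
 *
 * <p>NOTE(review): the query compares the password column with the supplied value
 * directly, which suggests the table holds passwords unhashed. Confirm against the
 * schema. Production code should store a salted password hash (bcrypt/scrypt/argon2)
 * and verify it in application code.
 */
public class JdbcDemo06 {
    /**
     * Runs the parameterized query and prints column 2 of every matching row.
     *
     * @param args unused
     * @throws SQLException if binding parameters, executing the query, reading rows, or
     *     releasing the JDBC resources fails
     */
    public static void main(String[] args) throws SQLException {
        // Precompiled SQL: the statement text is fixed here and values are bound separately.
        // A space now separates the first placeholder from "and", so the statement does not
        // depend on the parser splitting "?and" into two tokens.
        String sql = "select * from user where account=? and password=?";
        PreparedStatement ps = JDBCUtil1.getStatement(sql);
        ResultSet resultSet = null;
        try {
            ps.setString(1, "123456");
            // Bound as a plain string value; the embedded quote and "or" are not parsed as SQL.
            ps.setString(2, "123456' or '1'='1 ");
            resultSet = ps.executeQuery(); // execute the query
            while (resultSet.next()) {
                // Column 2 by position: with "select *" this depends on the table's column order.
                System.out.println(resultSet.getString(2));
            }
        } finally {
            // Release resources even when binding, executing or iterating throws.
            if (resultSet != null) {
                // JDBCUtil1.close is defined elsewhere; presumably it also releases the
                // statement and connection behind the result set. TODO confirm.
                JDBCUtil1.close(resultSet);
            } else {
                // The query never produced a result set, so close the statement directly.
                ps.close();
            }
        }
    }
}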
